Field
Embodiments of the present invention generally relate to the field of computer networks. In particular, various embodiments relate to systems and methods for improved and efficient firewall policy creation and management.
Description of the Related Art
The Internet is a network of networks and relates to a global collection of interconnected local, mid-level, wide area networks that use Internet Protocols as the network layer protocol. As the Internet and its underlying technologies are becoming increasingly popular, focus on Internet security and computer network security, in general, is also becoming a topic of growing concern. For instance, growing access to unlimited information available on the Internet gives rise to an opportunity to gain unauthorized access to data, which can relate to threats, such as modification of data, deletion of data, unauthorized use of computer resources, undesired interference with intended use of computer resources, among other such threats. Such threats give rise to development of techniques responsible for handling security of networks and computers served by those networks.
A firewall, as one of the commonly used network security or access control mechanisms, is typically configured to shield data and resources from computer network intruders and create an electronic boundary that prevents unauthorized users from accessing files or other content on a network or a computer. A firewall may be provided at an edge of a network (“edge firewall”) that interfaces with computers or resources outside the network and functions as a mechanism for monitoring and controlling flow of data between resources within the network and those outside such that all communication, such as data packets, requests for web pages, request for specific information, which flows between the networks in either direction passes through firewall. A firewall can be configured to selectively permit communication from one network to another network or device so as to provide bi-directional security.
A firewall is typically installed on or otherwise implemented by a computer or any other computing device for protecting against unsecured networks coupled thereto and is configured to monitor network traffic and filter content requests based on a predetermined set of policies. Such firewall policies may define one or more filtering criteria based on how an organization's firewalls should handle inbound and outbound network traffic for specific IP addresses and address ranges, protocols, applications, and content types, through one or more rules, which protect the device or the network. For instance, such criteria may result in the prevention of computers having certain IP addresses from accessing defined social networking websites or secured databases.
Each firewall policy is a list of ordered rules that define action to be taken on matching packets and help control access to and from the firewall and machines behind it. For instance, meeting of a rule defined by a firewall can allow passing of a packet at issue into or from the secure network, while non-compliance with the rule can cause the packet to be discarded. Firewall policies are typically managed by a network administrator using a firewall management interface or any other appropriate software that presents attributes or parameters of network resources and allows the administrator to put or remove restrictions on the usage of the resources for efficient flow of traffic and compliance with information security policies of the organization.
Existing firewall policy management systems require network administrators to have ability to comprehend various attributes of the network traffic including source interface, destination interface, source IP, destination IP, event ID, importance, application details, port details, traffic details, timestamps, user details, source device details, destination device details, level of trust, source operating system details, virus scan level, and schedule, for them to be able to define appropriate policies. This, in turn, requires the network administrator to understand issues relating to network protocols, kinds of traffic, types of application, numbers of ports and use thereof, access controls and security configurations, among others, which presume in-depth technical understanding of computer networks and also of information security needs of the company, as a result of which only a limited set of skilled people possessing the appropriate technical know-how are able to effectively define and manage firewall policies.
Furthermore, existing firewall policy management systems, by virtue of incorporating multiple interconnected network parameters and resource information, introduce significant complexity in the manner in which they are used and/or monitored. Such complexity makes it difficult to introduce changes in the policies as it may adversely impact other components of the system. Existing systems also do not allow effective monitoring of specific resources and generation of accurate reports that are easy to interpret.
In view of the foregoing, there exists a need for systems and methods that can facilitate creation and management of firewall policies.